QueryDepth::nodeDepth() - Code Metrics - Inspection of "Query complexity security" - overblog/GraphQLBundle - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#23)

by Jérémiah

created 2016-04-02 20:03 UTC

QueryDepth::nodeDepth() C

↳ Parent: QueryDepth

Complexity

Conditions	8
Paths	8

Size

Total Lines	32
Code Lines	18

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	32
rs	5.3846
cc	8
eloc	18
nc	8
nop	3

<?php

/*
 * This file is part of the OverblogGraphQLBundle package.
 *
 * (c) Overblog <http://github.com/overblog/>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Overblog\GraphQLBundle\Request\Validator\Rule;

use GraphQL\Error;
use GraphQL\Language\AST\Field;
use GraphQL\Language\AST\Node;
use GraphQL\Language\AST\OperationDefinition;
use GraphQL\Language\AST\SelectionSet;
use GraphQL\Validator\ValidationContext;

class QueryDepth extends AbstractQuerySecurity
{
    const DEFAULT_QUERY_MAX_DEPTH = self::DISABLED;

    /**
     * @var int
     */
    private static $maxQueryDepth;

    public function __construct($maxQueryDepth = self::DEFAULT_QUERY_MAX_DEPTH)
    {
        $this->setMaxQueryDepth($maxQueryDepth);
    }

    /**
     * Set max query depth. If equal to 0 no check is done. Must be greater or equal to 0.
     *
     * @param $maxQueryDepth
     */
    public static function setMaxQueryDepth($maxQueryDepth)
    {
        self::checkIfGreaterOrEqualToZero('maxQueryDepth', $maxQueryDepth);

        self::$maxQueryDepth = (int) $maxQueryDepth;
    }

    public static function getMaxQueryDepth()
    {
        return self::$maxQueryDepth;
    }

    public static function maxQueryDepthErrorMessage($max, $count)
    {
        return sprintf('Max query depth should be %d but got %d.', $max, $count);
    }

    public function __invoke(ValidationContext $context)
    {
        return $this->invokeIfNeeded(
            $context,
            [
                Node::OPERATION_DEFINITION => [
                    'leave' => function (OperationDefinition $operationDefinition) use ($context) {
                        $maxDepth = $this->fieldDepth($operationDefinition);

                        if ($maxDepth > $this->getMaxQueryDepth()) {
                            return new Error($this->maxQueryDepthErrorMessage($this->getMaxQueryDepth(), $maxDepth));
                        }
                    },
                ],
            ]
        );
    }

    protected function isEnabled()
    {
        return $this->getMaxQueryDepth() !== static::DISABLED;
    }

    private function fieldDepth(Node $node, $depth = 0, $maxDepth = 0)

    {
        if (isset($node->selectionSet)) {
            foreach ($node->selectionSet->selections as $childNode) {

                $maxDepth = $this->nodeDepth($childNode, $depth, $maxDepth);
            }
        }

        return $maxDepth;
    }

    private function nodeDepth(Node $node, $depth = 0, $maxDepth = 0)
    {
        switch ($node->kind) {
            case Node::FIELD:
                // node has children?
                if (null !== $node->selectionSet) {

                    // update maxDepth if needed
                    if ($depth > $maxDepth) {
                        $maxDepth = $depth;
                    }
                    $maxDepth = $this->fieldDepth($node, $depth + 1, $maxDepth);
                }
                break;

            case Node::INLINE_FRAGMENT:
                // node has children?
                if (null !== $node->selectionSet) {
                    $maxDepth = $this->fieldDepth($node, $depth, $maxDepth);
                }
                break;

            case Node::FRAGMENT_SPREAD:
                $fragment = $this->getFragment($node);


                if (null !== $fragment) {
                    $maxDepth = $this->fieldDepth($fragment, $depth, $maxDepth);
                }
                break;
        }

        return $maxDepth;
    }
}


1		<?php
2
3		/*
4		* This file is part of the OverblogGraphQLBundle package.
5		*
6		* (c) Overblog <http://github.com/overblog/>
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		namespace Overblog\GraphQLBundle\Request\Validator\Rule;
13
14		use GraphQL\Error;
15		use GraphQL\Language\AST\Field;
16		use GraphQL\Language\AST\Node;
17		use GraphQL\Language\AST\OperationDefinition;
18		use GraphQL\Language\AST\SelectionSet;
19		use GraphQL\Validator\ValidationContext;
20
21		class QueryDepth extends AbstractQuerySecurity
22		{
23		const DEFAULT_QUERY_MAX_DEPTH = self::DISABLED;
24
25		/**
26		* @var int
27		*/
28		private static $maxQueryDepth;
29
30		public function __construct($maxQueryDepth = self::DEFAULT_QUERY_MAX_DEPTH)
31		{
32		$this->setMaxQueryDepth($maxQueryDepth);
33		}
34
35		/**
36		* Set max query depth. If equal to 0 no check is done. Must be greater or equal to 0.
37		*
38		* @param $maxQueryDepth
39		*/
40		public static function setMaxQueryDepth($maxQueryDepth)
41		{
42		self::checkIfGreaterOrEqualToZero('maxQueryDepth', $maxQueryDepth);
43
44		self::$maxQueryDepth = (int) $maxQueryDepth;
45		}
46
47		public static function getMaxQueryDepth()
48		{
49		return self::$maxQueryDepth;
50		}
51
52		public static function maxQueryDepthErrorMessage($max, $count)
53		{
54		return sprintf('Max query depth should be %d but got %d.', $max, $count);
55		}
56
57		public function __invoke(ValidationContext $context)
58		{
59		return $this->invokeIfNeeded(
60		$context,
61		[
62		Node::OPERATION_DEFINITION => [
63		'leave' => function (OperationDefinition $operationDefinition) use ($context) {
64		$maxDepth = $this->fieldDepth($operationDefinition);
65
66		if ($maxDepth > $this->getMaxQueryDepth()) {
67		return new Error($this->maxQueryDepthErrorMessage($this->getMaxQueryDepth(), $maxDepth));
68		}
69		},
70		],
71		]
72		);
73		}
74
75		protected function isEnabled()
76		{
77		return $this->getMaxQueryDepth() !== static::DISABLED;
78		}
79
80	View Code Duplication	private function fieldDepth(Node $node, $depth = 0, $maxDepth = 0)
		0 ignored issues – show Duplication introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
81		{
82		if (isset($node->selectionSet)) {
83		foreach ($node->selectionSet->selections as $childNode) {
		0 ignored issues – show Bug introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report The property `selectionSet` does not seem to exist in `GraphQL\Language\AST\Node`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
84		$maxDepth = $this->nodeDepth($childNode, $depth, $maxDepth);
85		}
86		}
87
88		return $maxDepth;
89		}
90
91		private function nodeDepth(Node $node, $depth = 0, $maxDepth = 0)
92		{
93		switch ($node->kind) {
94		case Node::FIELD:
95		// node has children?
96		if (null !== $node->selectionSet) {
		0 ignored issues – show Bug introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report The property `selectionSet` does not seem to exist in `GraphQL\Language\AST\Node`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
97		// update maxDepth if needed
98		if ($depth > $maxDepth) {
99		$maxDepth = $depth;
100		}
101		$maxDepth = $this->fieldDepth($node, $depth + 1, $maxDepth);
102		}
103		break;
104
105		case Node::INLINE_FRAGMENT:
106		// node has children?
107		if (null !== $node->selectionSet) {
108		$maxDepth = $this->fieldDepth($node, $depth, $maxDepth);
109		}
110		break;
111
112		case Node::FRAGMENT_SPREAD:
113		$fragment = $this->getFragment($node);
		0 ignored issues – show Compatibility introduced 2016-04-02 20:15 UTC by Report Bug Copy Issue Report `$node` of type `object<GraphQL\Language\AST\Node>` is not a sub-type of `object<GraphQL\Language\AST\FragmentSpread>`. It seems like you assume a child class of the class `GraphQL\Language\AST\Node` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
114
115		if (null !== $fragment) {
116		$maxDepth = $this->fieldDepth($fragment, $depth, $maxDepth);
117		}
118		break;
119		}
120
121		return $maxDepth;
122		}
123		}
124

overblog / GraphQLBundle

Scrutinizer GitHub App not installed

Pull Request — master (#23)

QueryDepth::nodeDepth() C

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like